If you have multiple groups and/or resources that you manage together or you have a need to share data between teams, the IDM team can create a defined role for your convenience.
What is a Defined Role?
Defined roles in IDM are just that, roles that are defined by an IDM user and set up by an IDM admin. Defined roles are a powerful mechanism that makes it easy to enable access to the proper LC hosts and groups based on the user's project. When a new person is added to a project, they only need to be added to the associated defined role, which would then automatically grant the user all of the needed host and group permissions.
Requesting a Defined Role
An LC Coordinator can request the creation of a new defined role by sending a request to the LC IDM team at lc-idm-admin@llnl.gov. The information needed for a request includes:
- The name of the role
- Which networks the role is needed in (OCF, SCF, SNSI)
- The LC groups and LC hosts which should be managed together (i.e., the access being granted by membership in the role)
- The ouns of the people who can approve membership changes for this role
- Required membership traits (e.g., US citizen, Q-Clearance)
Adding or Removing Members of a Defined Role
See IDM—Add or Remove Role Members to manage role membership.